Discussion in 'privacy technology' started by axemmiw905, Mar 7, 2012.
Truecrypt limits you 9999, do I have better options?
Are you talking about encryption algorithms?
Are you talking about file space? In terms of symmetric algorithms what you suggest isn't possible, nor is there a practical need for such a thing.
woah! its encryption level is over AES 9999!!! itll take them 5 million light-years to crack this , lols xD
PGP CKT 6.5.8 would allow 16K keys if you wanted. Anyone remember Imad Faid? The good old days
Okay apparently I was in error. I remember in the old days when TC started, I could have a 9999 bit password encrypted container.
Why are we only limited to a 64 character password? Isn't that a bit limited?
This my help illistrate just how Truecrypt works:
64 is plenty secure depending on its entropy and the method used for bruteforcing though if you wish you can also use a keyfile as well (2 factor) with Truecrypt which will increase the security even more.
From Truecrypt documentation:
seriously more than a 64 key passphrase is more than just ridiculous , even with a good 35/40 key passphrase itd take them more than several decades to crack even if theyd use server clusters to try and bruteforce it ,the time theyd crack it youd most likely be dead for a veryyyyyyyy long time , thats unless they crack you first aka rubber-hose cryptanalysis i just love that word , thou for things such as hidden volumes i go the extra mile and use a 64 key passphrase
p.s: "limited" to a 64 key passphrase,what you want to write down an entire novel? roflmao i can already imagine it xD
oh please lol
according to keepass2 my current 64 character ANSI password is only 329 bits, how hard can that possibly take to hack.
cant tell if serious... lol
I don't think you understand what your talking about. Let's break it down:
To bruteforce a password you have to try every combination from a-z 0-9 and all the special characters as well. That is to say if you know the password is 64 characters in length (which you wouldn't) you would have to try every single combination. IE:
and than it would be:
and so on until every character was tested in every order to get the right password.
This has a search space of 3.79 x 10^126 which would take 12.06 million trillion trillion trillion trillion trillion trillion trillion trillion centuries to crack given a worst case of a cracking array that can do one hundred trillion guesses per second.
The password used in this test was:
The password is 64 Chars. and uses 95 character sets.
I used this site for the test: http://www.grc.com/haystack.htm
a 64 char. password is overkill. Anything 16+ can't be cracked in a reasonable amount of time. I use 20+ chars. to be on the safe side and to future proof my passwords.The longest passwords cracked have been 16 chars with rainbow tables, however these were dictionary words and not strong passwords to begin with.
For all safety/security intents and purposes, you should always assume that the person trying to hack your encryption has the best hardware in the world. I'm not concerned about Joe Bob down the street, I'm more concerned about the feds finding out what I've been doing.
lols see last post for a clear answer , nobody here on wilders would ever start from the lowest denominator we start from the worst case scenario
I would rather be paranoid and believe that the government has the ability to hack something like Truecrypt... if not directly through bruteforce then by a backdoor.
guess ill have to break it down to ya once more , ok your pass that encrypts your hdds is temporarily stored in your ram IF!? they get to it in time then theres a chance to recover it wich is like 1 out of a million , besides theres a system being developed to store passwords in the cpu bus , so no more recovering from the ram or anything for that matter as soon as the pc is off
backdoors? well if youre that paranoid and think your being watched cause youve hacked the gov , then you might as well go the full arsenal , setup a hidden camera surveillance network in your home , then setup motion detectors that will immediately power off your pc as soon as someone enters the home , and for the final touch for the most extreme of all paranoids you might as well rig your hdds with magnesium plates so that as soon as youve activated the motion detectors and they being tripped not only would the pc power off but your hdds would be incinerated, and if youve noticed any tampering or your rig was confiscated and you get it back , do NOT use it again aka hardware keyloggers etc kinds of crap ,buy a new rig and sell the confiscated one on ebay as used or such , before that move all your critical data to your new pc
and last but not least depending on where you live they could simply use yep im gona say it again rubber-hose cryptanalysis , first its cheaper than any other option and second once youve worn off all the drugs theyve pumped into you , you wont remember nothin except ask yourself how youve gotten into that "accident" while in the hospital when you wasnt even near any street , some bruises and maybe missing teeth and some broken bones xD,so it depends on you how you memorize the password in such a way that under drug influence you wouldnt be able to spit it out no matter what , if its only the police take this guys advice and you should be a-ok with tc+fde+hidden os ,switching between outer and hidden volume weekly aka plausible deniability ,as said different measures for different folks
p.s: so what have we learned out of this? NEVER make yourself a suspect in the first place the most difficult part to some people depending on what they do, but worth it, protip blend in with the crowd , use common sense and stay out of trouble , tc with fde and hidden volumes/os only goes that far , now if you plan on hacking the gov i cant help you on that one cause you very likely will get caught then, no matter what you do , and at that point no-one will care about your data or ever hear anything about you again if you think your that important , your not , the gov has always been good in making up storys
This was already said but I will repeat it: There is no system in the world that can do a one hundred trillion guesses per second. I already aimed for worst case.
Even if I had every computer in the world guessing a million passwords a second and all of the power of the sun. It would still take TRILLIONS OF YEARS to brute force AES256 bit directly let alone that password. As a 64 char. password is ~411 bits in entropy.
To summarize even if the computing power existed the energy required would be exponential and so would the cost (if the amount of power was accessible) . As such it would be useless technology and any government would resort to the good old rubber hose techniques.
~Offensive comment removed~ who said the government can't decrypt anything we have. What the **** is this, I have to give you a long ass list of examples of when a list of world governments have hacked through encryption? NOTHING THE PUBLIC HAS is strong enough that the government cannot hack through it, got that? The government actually refers to whatever the public has as weak to mild encryption strength.
Yes, please post the 'list' of current algorithms that have been broken, or properly implemented encryption that was defeated where the password wasn't 'cat' or someone's birthday, etc...
Oh yeah you no DES the algorithm that was deliberately weakened by the NSA and had no where near the openness nor the testing done that AES has. AES is being attacked every day by hundreds if not thousands of people and has still not been cracked. DES was discovered vulnerable before the NSA/Gov. admitted it had weakened the key strength.
Hence when it went public the Government saw it needed a more open algorithm that could be tested by anyone. As part of the AES competition the Algorithms were made public to prevent backdoors from being placed in.
Separate names with a comma.